package com.jh.fcsm.common;

import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.JsonDeserializer;
import org.jsoup.Jsoup;
import org.jsoup.safety.Safelist;
import java.io.IOException;

public class StringFWBXssDeserializer extends JsonDeserializer<String> {
    @Override
    public String deserialize(JsonParser p, DeserializationContext ctxt) throws IOException {
        if (p == null || p.getText() == null) {
            return null;
        }

        String source = p.getText().trim();
        // 把字符串做XSS过滤
//        source = source.replaceAll("alert", "");
//        source = source.replaceAll("[\\\"\\'][\\s]*javascript:(.*)[\\\"\\']", "\"\"");
//        source = source.replaceAll("script", "");
        //过滤富文本内容
        Safelist sa=Safelist.relaxed();
        sa.addTags("&");
        return Jsoup.clean(source, sa);
    }

}